In the new Ubuntu Security Notices, the company notes that the Ubuntu 12.04 LTS (Precise Pangolin), Ubuntu 14.04 LTS (Trusty Tahr), Ubuntu 16.04 LTS (Xenial Xerus), and Ubuntu 16.10 (Yakkety Yak) distributions, as well as all of their officially supported derivatives, such as Kubuntu, Xubuntu, Lubuntu, Ubuntu MATE, Ubuntu GNOME, Ubuntu Kylin, Ubuntu Studio, Edubuntu, or Mythbuntu, are affected by the following issue.
Affecting only the Ubuntu 12.04 LTS and Ubuntu 14.04 LTS releases, there's a security flaw documented as CVE-2016-9555, discovered by Andrey Konovalov in the Linux kernel's SCTP implementation, which improperly validated incoming data, allowing a remote attacker to cause a denial of service by crashing the affected system.
Additionally, Ubuntu 12.04 LTS is affected by multiple memory leaks (CVE-2016-9685) in the XFS file system support, which could allow a local attacker to cause a denial of service. Users are urged to update their systems as soon as possible to linux-image-3.2.0-121.164 for Ubuntu 12.04 LTS or linux-image-3.13.0-108.155~precise1 for Ubuntu 12.04.5 LTS, as well as linux-image-3.13.0-108.155 for Ubuntu 14.04 LTS or linux-image-4.4.0-62.83~14.04.1 for Ubuntu 14.04.5 LTS.
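A check against the fixed versions listed above, as an added example that is not part of the original article. It implements dpkg-style version ordering (where "~" sorts before everything, which matters for the ~precise1 and ~14.04.1 builds) and assumes the article's linux-image-<version> strings are the package versions; the function names are hypothetical.

```python
import re
D = "0123456789"
# Fixed kernel versions as listed in the article, keyed by (release, kernel series).
FIXED = {
    ("12.04", "3.2.0"): "3.2.0-121.164",
    ("12.04", "3.13.0"): "3.13.0-108.155~precise1",
    ("14.04", "3.13.0"): "3.13.0-108.155",
    ("14.04", "4.4.0"): "4.4.0-62.83~14.04.1",
}

def _order(ch):
    # dpkg character order: '~' < end of string < letters < everything else.
    if ch == "~":
        return -1
    if ch == "":
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        # Compare the non-digit run character by character.
        while (i < len(a) and a[i] not in D) or (j < len(b) and b[j] not in D):
            ca = a[i] if i < len(a) and a[i] not in D else ""
            cb = b[j] if j < len(b) and b[j] not in D else ""
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
            i, j = i + len(ca), j + len(cb)
        # Compare the following digit run numerically (an empty run counts as 0).
        da, db = re.match(r"[0-9]*", a[i:]).group(), re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def _split(v):
    up, sep, rev = v.rpartition("-")  # revision is everything after the last '-'
    return (up, rev) if sep else (v, "")

def compare(a, b):
    # Returns -1, 0 or 1. Epochs are not handled (the versions here have none).
    (ua, ra), (ub, rb) = _split(a), _split(b)
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def status(release, installed):
    fixed = FIXED.get((release, installed.split("-")[0]))
    if fixed is None:
        return "unknown"  # the article gives no fixed version for this combination
    return "patched" if compare(installed, fixed) >= 0 else "vulnerable"
```
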